While doing a lint check on a code block, a parse error was occurring on a line that contained a comment in the original source file. [...] Presumably what was happening was, even though the var_dump() call showed that actual newlines were being interpreted correctly, the r was also being interpreted rather than taken literally. This caused the comma following it to generate the error I was receiving.

An alternative to the method he was using, shell_exec, is proc_open, a function that opens a resource to handle a command execution and allows for more than just the "point and shoot" execution offered by functions like shell_exec or system.

This causes a warning in the Quit plugin, which uses exec to automatically detect the full path to the PHP CLI binary on non-Windows systems; it later uses that path to initiate a new PHP CLI process to "restart" the bot.

To check this setting in the future, it was recommended that he look at the SPL ReflectionFunction class (a part of the Standard PHP Library), which would let him check the disabled status of any PHP function by looking at the result of the isDisabled call.

New on the Developer Tutorials blog today is this look at handling background processes from your PHP script:

You've checked and double checked the integrity of user input, and you’re doing some serious processing. There's only one problem: it's too slow. There's a simple solution: forking your processing script, and running the code as a background process asynchronously. It can email your user when it's done: they'll wait. In this tutorial, I'll show you how to get started with background processes in PHP.

Akash gives examples of the three keys to background processes - starting the script via an exec, talking to the process by passing additional parameters and including code to monitor the state of the background process via something like a MySQL "sessions" table that the script writes to.

On the PHP Discovery blog, there's a new post reminding PHP developers of some of the more dangerous ways that remote execution could affect your site and some of the common entry points it can have.

PHP has numerous ways to execute raw PHP code unless you, the programmer, stop it. The best way to prevent these methods is making sure you check the input of what your users are inputting, and making sure you escape all malicious actions that a hacker, cracker, kiddy scripter might want to do to your website.

He summarizes four of the things from the Pro PHP Security book from Apress (by Chris Snyder and Michael Southwell) that can leave holes in your application for would-be exploits - preg_replace, shell_exec/exec, eval (which we all know is only one letter from "evil" anyway) and require/include.

Nessa has two posts that talk about how to use PHP to display the versions of software running on the local machine.

I've been working on this application for work that does some simple server reporting, part of which involves displaying the versions of major software running on the machines. [...] I need to be aware of this to make sure that customers are being moved to servers with compatible versions. It's also good in tracking and planning upgrades.

In the first post she recommends using the exec function in PHP to run system commands to get things like the cpanel version, python version and what perl you have installed.

Part two shows a slightly different way to get some of the same information - using the data in the /proc/version file as a single resource to get OS information.

In this new post to his blog, Ed Finkler talks about some tests he worked up to discover if a function is available in PHP or not while working on the latest version of PHPSecInfo.

is_callable() will return TRUE even if a function has been disabled in php.ini with disabled_functions (which, in my mind, is contrary to what "is_callable" implies). function_exists() will return FALSE if the function is disabled in php.ini, but will return TRUE if the function is being blocked by safe_mode.

So, to help counter these issues, he first checks whether the exec('id') option works - checking it with function_exists and the setting for safe_mode (disabled). If it doesn't pass, he moves on to the posix_* functions and tests them with function_exists.
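
The check-then-fall-back flow described above, as an added example that is not PHPSecInfo's own code. The helper names (disabledFunctions, isUsable, currentUser) are hypothetical, and because safe_mode was removed in PHP 5.4, only the disable_functions setting is consulted here.

```php
<?php
// Added example; disabledFunctions(), isUsable() and currentUser() are
// hypothetical helper names, not part of PHPSecInfo.

/** Names listed in php.ini's disable_functions, lowercased and trimmed. */
function disabledFunctions()
{
    $raw = strtolower((string) ini_get('disable_functions'));
    return array_filter(array_map('trim', explode(',', $raw)), 'strlen');
}

/** True only if $name is defined and not listed in disable_functions. */
function isUsable($name)
{
    // is_callable() is deliberately not relied on here, since the quoted
    // post reports it returning TRUE for disabled functions.
    return function_exists($name)
        && !in_array(strtolower($name), disabledFunctions(), true);
}

/** Identify the user PHP runs as: exec('id') first, posix_* as fallback. */
function currentUser()
{
    if (isUsable('exec')) {
        $out = array();
        $rc = 1;
        @exec('id', $out, $rc); // fixed command string, no user input
        if ($rc === 0 && !empty($out)) {
            return array('source' => 'exec', 'value' => $out[0]);
        }
    }
    if (isUsable('posix_getuid') && isUsable('posix_getpwuid')) {
        $uid = posix_getuid();
        $pw = posix_getpwuid($uid);
        $name = is_array($pw) ? $pw['name'] : '?';
        return array('source' => 'posix', 'value' => "uid=$uid($name)");
    }
    // Neither path is available; report that instead of guessing.
    return array('source' => 'none', 'value' => null);
}

$who = currentUser();
echo $who['source'], ': ', var_export($who['value'], true), PHP_EOL;
```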
